William Vu
c53e7703fc
Land #12795, lwp-request CmdStager
2020-01-16 13:17:41 -06:00
William Vu
92de0b132f
Make HttpClientTimeout a float, f'ing finally
2020-01-13 22:25:18 -06:00
William Vu
fe23d4b72b
Clobber datastore in CheckModule again!
Seems adding VHOST and SSL wasn't enough. This is a stopgap...
2020-01-13 20:25:07 -06:00
Brent Cook
33dadefd53
move rdp_move_mouse to rdp library, add GROOMDELAY
2020-01-12 08:19:44 -06:00
Brendan Coles
c2a12949a0
Add lwp-request CmdStager
2020-01-06 16:47:17 +00:00
Brent Cook
f4a0ef2ee9
Land #12640, improve Wordpress check versions
Merge remote-tracking branch 'upstream/pr/12640' into upstream-master
2019-12-26 13:47:04 -06:00
William Vu
c43106216f
Improve error handling
2019-12-16 19:51:50 -06:00
William Vu
11b8ef006c
Return CheckCode associated with RHOST
2019-12-16 19:51:50 -06:00
William Vu
1f0d491a4f
Add print saying what module
2019-12-16 19:51:50 -06:00
William Vu
442f36e466
Complete refactor of CheckModule
2019-12-16 19:51:50 -06:00
Brent Cook
fde942bc37
Land #12517, replace CheckScanner mixin with CheckModule, which works with anything
2019-12-16 17:40:10 -06:00
William Vu
14b6282e51
Update other error to CheckCode message
2019-12-16 13:43:00 -06:00
wvu-r7
f23ec6bc88
Add instantiation error to CheckCode
It's better here, now that it's supported.
Co-Authored-By: acammack-r7 <adam_cammack@rapid7.com>
2019-12-16 13:32:56 -06:00
wvu-r7
7c071d2254
Remove instantiation error
Co-Authored-By: acammack-r7 <adam_cammack@rapid7.com>
2019-12-16 13:28:34 -06:00
William Vu
ce0f08d064
Register RHOST(S) and RPORT in SSH mixin
2019-12-11 13:41:32 -06:00
Tim W
3200781292
Land #12446, add powershell AMSI bypass to web_delivery
2019-12-09 18:03:54 +08:00
William Vu
347c63377d
Print a warning for lack of CheckCode
2019-12-03 10:36:34 -06:00
William Vu
0b99b78c91
Don't validate exploit options needlessly
2019-12-03 10:36:34 -06:00
William Vu
9adc87c786
Check for nil
2019-12-03 10:36:34 -06:00
William Vu
1c87c21d8e
Validate exploit options, too
2019-12-03 10:36:34 -06:00
William Vu
91c6c74173
Add only targeting options and validate datastore
2019-12-03 10:36:34 -06:00
William Vu
1952697404
Refactor CheckScanner to CheckModule
2019-12-03 10:36:34 -06:00
Christophe De La Fuente
857677f39d
Update log message
2019-11-29 11:35:14 +01:00
Christophe De La Fuente
39ab534773
Improve Wordpress version check
- Add log message to Detected and Unknown check codes
- Add an exception handler to catch Gem::Version parsing errors
2019-11-28 12:56:08 +01:00
Tim W
b63fd963aa
default AMSI bypass off except for web_delivery
2019-11-19 22:26:40 +08:00
Francesco Soncina
927264e3e5
Update powershell.rb
2019-11-05 00:23:43 +01:00
Francesco Soncina
099054ded2
Update powershell.rb
2019-11-01 15:19:36 +01:00
William Vu
f302df31aa
Add note about opts['headers']
2019-10-31 12:24:04 -05:00
William Vu
b9baa80823
Refactor to use config hash and new option
2019-10-31 11:11:43 -05:00
Francesco Soncina
d17f041dbd
fix inner payload for web_delivery
2019-10-31 16:29:56 +01:00
William Vu
b268feda73
Allow partial response due to timeout
2019-10-29 21:25:21 -05:00
bwatters-r7
f5bb6f8ca2
Land #12428, Extend check codes with custom messages
Merge branch 'land-12428' into upstream-master
2019-10-15 11:06:33 -05:00
Francesco Soncina
b1b59fca35
add support for Powershell::prepend_protections_bypass
2019-10-13 03:27:21 +02:00
William Vu
6fac30aec8
Change vprint_status to vprint_error
2019-10-09 11:36:39 -05:00
Brent Cook
62412c8d00
log a bit more about what happened
2019-10-09 08:39:03 -05:00
Brent Cook
c4365cfe08
handle extra data on rdp_recv with length check
We should really be doing something like strictly parsing PDU headers in rdp_recv and then parcelling out PDUs instead of recv_and_pray, but this should get us past the initial issue where sometimes there is an extra PDU right after
2019-10-09 08:22:02 -05:00
Adam Cammack
f9c5939a29
Teach more things about the new check codes
2019-10-08 16:21:40 -05:00
h00die
9f29f5f419
fix spelling received
2019-10-05 14:40:27 -04:00
floyd
c747221863
Remove invalid email addresses
2019-10-02 13:35:25 +02:00
Brent Cook
5b36b6ed71
add docs, simplify some areas
2019-09-23 04:50:54 -05:00
Brent Cook
0715b7688a
use client_random, add notes
2019-09-22 17:20:58 -05:00
Brent Cook
0d34de7d2f
support sending license requests
2019-09-22 16:47:08 -05:00
Brent Cook
963489e196
add further license PDU parsing
2019-09-20 08:15:07 -05:00
Brent Cook
3174af03e4
add initial license packet handler
2019-09-19 06:09:41 -05:00
Brent Cook
d2da56bd90
use specified RDP_CLIENT_NAME
2019-09-19 06:05:08 -05:00
Spencer McIntyre
0a05ee6577
Use the rdp connect/disconnect methods for WinXP
2019-09-19 06:05:08 -05:00
Brent Cook
ab631044af
adjust rdp fingerprint code to match self.rdp_sock changes in exploit mixin
2019-09-19 06:05:08 -05:00
OJ
f479ed2d73
Small refactors, comments and tidying up
2019-09-19 06:05:08 -05:00
OJ
edcc423eea
Lots more RDP mixin changes, and first pass of ruby exploit
This code is at the point where we SHOULD see a crash (given that the
payloads in use for kernel/user are both just As and Bs, deliberate at
this point).
Unfortunately the exploit does not result in a crash. Things just keep
on going! I've looked at the difference in the traffic across the two
different exploits (py and rb) and what's clear is that the mixin is
doing a lot more work at the start.
Also, the mixin generates packets of smaller size in the way that it
encodes data (i.e. it doesn't always use 2 bytes for a short value, it'll
use 1 instead if only 1 is required).
Pretty sure that the size issues aren't the problem, I think there's
something else in play. I'm at the point where diving into the RDP stuff
even more isn't inspiring so I'm hoping that opening this up to collab
will help us move forward.
2019-09-19 06:05:08 -05:00
OJ
1d6e319ac2
Refactor of RDP mixin to make it more configurable
Slowly moving away from a huge hard-coded blob of inflexible bytes
towards a more data-driven approach that allows configuration of various
elements of the packets that are generated.
2019-09-19 06:05:08 -05:00